Ubuntu 10.04.1 LTS with Vagrant 1.4.3 and Vagrant::Butcher 2.1.5.
我在"vagrant up"结尾得到以下错误:
...
[2014-03-17T22:50:56+00:00] INFO: Chef Run complete in 245.448117502 seconds
[2014-03-17T22:50:56+00:00] INFO: Running report handlers
[2014-03-17T22:50:56+00:00] INFO: Report handlers complete
[Butcher] Creating /home/testuser/vagrant_test/.vagrant/butcher
[Butcher] Failed to create /home/testuser/vagrant_test/.vagrant/butcher/DEV-35-51-client.pem: Vagrant::Errors::VagrantError - The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
cat /etc/chef/client.pem
Stdout from the command:
Stderr from the command:
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: no tty present and no askpass program specified
Sorry, try again.
sudo: 3 incorrect password attempts
Chef客户端运行成功,我们的食谱都安装好了。其中之一是sudo社区食谱,我认为我们忽略了流浪汉用户需要执行cat来读取客户端的条目。pem文件。
谁能告诉我那可能是什么?
更新:
1)流浪用户属于"sudo"组:
$ grep sudo /etc/group
sudo:x:27:vagrant
2) sudoers文件包含一个条目,允许"sudo"组运行任何命令:
# This file is managed by Chef.
# Do NOT modify this file directly.
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# User privilege specification
root ALL=(ALL:ALL) ALL
nagios ALL=(ALL) NOPASSWD: /usr/local/nagios/libexec/
# Members of the group 'admin' may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
这最终不是一个流浪屠夫的问题;那个插件只是碰巧先遇到了这个问题。此外,任何后续的流浪操作也将失败。
Vagrant需要无密码sudo权限。似乎基本盒在/etc/sudoers中声明了它,你用sudo cookbook覆盖了它。
您至少有以下选择:
- 设置
node['authorization']['sudo']['passwordless']属性为true - 不要包含sudo食谱的默认食谱。
- 使用sudo LWRP为流浪用户授予无密码sudo访问权限。
- 使用或构建一个已经使用
/etc/sudoers.d/的基盒
tmatilai很好地解决了这个问题,但是我认为我应该在这里发布我的解决方案以供将来参考。我找到了与他提到的选项#3相同的解决方案,即编写一个添加sudoers的配方。流浪者用户的配置文件。这迫使我修改sudo社区食谱以支持SETENV选项。否则你会得到错误:
sudo: sorry, you are not allowed to preserve the environment
生成的文件是/etc/sudoers.请注意,它需要 NOPASSWD和SETENV:
# This file is managed by Chef.
# Do NOT modify this file directly.
vagrant ALL=(ALL) NOPASSWD:SETENV: /bin/
以下是我所做的修改:
文件:sudo/菜谱/default.rb
# if the node belongs to the "development" environment, create a config file
# for the vagrant user, e.g. /etc/sudoers.d/vagrant
if node.chef_environment == 'development'
sudo 'vagrant' do
user 'vagrant'
runas 'ALL' # can run as any user
host 'ALL' # from any Host/IP
nopasswd true # prepends the runas_spec with NOPASSWD
setenv true # prepends the runas_spec with SETENV
commands ['/bin/'] # let the user run anything in /bin/ without a password
end
end
文件:sudo/资源/default.rb
# add new attribute "setenv"
attribute :setenv, :equal_to => [true, false], :default => false
# include it in the state_attrs list
state_attrs :commands,
:group,
:host,
:nopasswd,
:setenv,
:runas,
:template,
:user,
:variables
文件:sudo/供应商/default.rb
# in render_sudoer, add setenv to the variables list
variables :sudoer => sudoer,
:host => new_resource.host,
:runas => new_resource.runas,
:nopasswd => new_resource.nopasswd,
:setenv => new_resource.setenv,
:commands => new_resource.commands,
:defaults => new_resource.defaults
文件:sudo/模板/违约/sudoer.erb
# generate SETENV option in the config file entry
<% @commands.each do |command| -%>
<%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %> <%= command %>
<% end -%>